After reports surfaced earlier this week of iCloud.com hacking in China, Apple has introduced a new support document that tackles browser security.
The complete document can be found here. Apple did specifically mention that it was “aware of intermittent organized network attacks” using insecure certificates. But, the document said that Apple’s own servers were not compromised:
The iCloud website is protected with a digital certificate. If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed. Users should never enter their Apple ID or password into a website that presents a certificate warning.
Apple then shows how users can check the contents of a site’s digital certificates using Safari, Chrome, and Firefox.
As reported on Monday, Chinese authorities are apparently using a man-in-the-middle attack to illegally obtain Apple ID information from users in China.
Some users in the country who visit iCloud.com are reportedly seeing a well-designed phishing site come up instead of Apple’s real site.
Unlike Safari, Firefox, or Chrome, a popular browser used by many Chinese didn’t detect the insecure certificate information.
For other recent news, see: An Apple Pay loyalty program could arrive in time for the holiday shopping season, Apple to open second retail store in Turkey on Oct. 25, and Demand for iPhone 6 Plus in China prompting Apple to shift production away from iPhone 6.